[Bro] Bro problem - no software.log written

mv meetalivaidya at gmail.com
Fri Feb 21 23:22:38 PST 2014


> If sniffing an interface, as a first step check that the software scripts
> are being loaded:
> 
> 
> $ pwd
> /path/to/bro/logs/2013-08-28
> 
> $ zgrep software loaded_scripts.16\:59\:36-17\:00\:00.log.gz 
>   /usr/local/bro/share/bro/base/frameworks/software/__load__.bro
>   /usr/local/bro/share/bro/base/frameworks/software/./main.bro
>   /usr/local/bro/share/bro/policy/frameworks/software/vulnerable.bro
>   /usr/local/bro/share/bro/policy/frameworks/software/version-changes.bro
>   /usr/local/bro/share/bro/policy/protocols/ftp/software.bro
>   /usr/local/bro/share/bro/policy/protocols/smtp/software.bro
>   /usr/local/bro/share/bro/policy/protocols/ssh/software.bro
>   /usr/local/bro/share/bro/policy/protocols/http/software.bro

I have included the detect-webapps script in local.bro. It is supposed to 
show the logs in software.log. But the logs are not seen.

I checked that the software scripts are being loaded.

I am not running against a pcap.

Is there any way to debug why software.log is not written? Also, is there 
any other way I can see logs generated by the detect-webapps.bro script, which 
uses signatures?

Thanks.



